
Safeom.com

Posted: December 27, 2010

Thousands of malicious sites have been created for the purpose of spreading malware, and the recent website Safeom.com is yet another one. Safeom.com promotes the rogue security program named Antivirus Scan. The cybercrooks that created the Antivirus Scan application also created Safeom.com to help market and spread their malicious security program. The interface of Safeom.com blatantly advertises Antivirus Scan as being a "safeguard to your PC", but through our experience and technical testing on similar rogue applications, it was found that Antivirus Scan is nothing more than a means to a quick payday for these cybercrooks. Computer users should avoid Safeom.com at all costs and never attempt to download any type of software offered on the Safeom.com homepage.

If you have noticed Safeom.com popping up on your screen or web browser, then you should take immediate action to scan your system with a trusted spyware detection tool to ensure the system is not infected with malware.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Temp%\[random]\
    2 %Temp%\[random]\[random].exe

Registry Modifications

  • The following Registry values are newly created:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = 'http=127.0.0.1:59274'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
    HKEY_CURRENT_USER\Software\[random]
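
A triage sketch, added here and not part of the original write-up: it parses `reg export` text taken from a suspect profile and reports which of the Registry values listed above are present. The function names, the sample export, and the choice to match any 127.0.0.1 port rather than only 59274 are assumptions of this example.

```python
import re
IE = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer"
CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
# (key, value name, predicate on the normalised value, meaning) for the values the page lists.
INDICATORS = [
    (IE + r"\Download", "CheckExeSignatures", lambda v: v.lower() == "no", "signature check off"),
    (IE + r"\Download", "RunInvalidSignatures", lambda v: v == "1", "invalid signatures run"),
    (IE + r"\PhishingFilter", "Enabled", lambda v: v == "0", "phishing filter off"),
    (CV + r"\Internet Settings", "ProxyEnable", lambda v: v == "1", "proxy enabled"),
    # The page lists http=127.0.0.1:59274; matching any loopback port is an assumption here.
    (CV + r"\Internet Settings", "ProxyServer", lambda v: "127.0.0.1:" in v, "loopback proxy"),
    (CV + r"\Policies\Associations", "LowRiskFileTypes",
     lambda v: ".exe" in v.lower().split(";"), ".exe marked low risk"),
]

def parse_reg(text):
    """Parse `reg export` text into {key: {value name: string}}, keys and names lower-cased."""
    keys, current = {}, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            current = keys.setdefault(line[1:-1].lower(), {})
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m:
            raw = m.group(2)
            if raw.startswith("dword:"):
                raw = str(int(raw[6:], 16))            # dword:00000001 -> "1"
            elif raw.startswith('"'):
                raw = raw[1:-1].replace("\\\\", "\\")  # REG_SZ: drop quotes, unescape
            current[m.group(1).lower()] = raw
    return keys

def audit(text):
    """Return (value name, value, meaning) for each listed setting found in the export."""
    keys = parse_reg(text)
    found = ((n, keys.get(k.lower(), {}).get(n.lower()), c, why) for k, n, c, why in INDICATORS)
    return [(n, v, why) for n, v, c, why in found if v is not None and c(v)]

# Constructed sample export (not taken from a real machine); the phishing filter is left on.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:59274"
"""
```

The randomly named Run value and the HKEY_CURRENT_USER\Software\[random] key cannot be matched by name, so they are not checked. ProxyEnable on its own is also common on clean machines, so weigh the hits together rather than individually.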
